Changeset 3780

Timestamp:

05/18/2006 01:02:25 AM (18 years ago)

Author:

ryan

Message:

Fallback to admin referer check instead of nonce if no action is given to check_admin_referer(). For plugin compatibility.

File:

• branches/2.0/wp-includes/pluggable-functions.php (modified) (1 diff)

branches/2.0/wp-includes/pluggable-functions.php

@@ -233 +233 @@
     $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
     $referer = strtolower($_SERVER['HTTP_REFERER']);
-    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) {
+    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+        !(-1 == $action && strstr($referer, $adminurl)) ) {
+        
         $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
         $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";